• Segura discovered the scam via a Bing Images search for Taylor Swift. • A compromised site hosting the image linked to a webpage mimicking police ransomware. • Only it isn't really "ware" in the normal sense of a ransomware trojan. • The scam uses clever persistent JavaScript in its attempt to trick people into paying a supposed fine.

And now we'd like to contribute some additional notes.

Located in Canada, Segura was directed to an FBI themed webpage. This is probably due to his North American IP address, or else he was using a US-based proxy.

In Europe, the result is Europol themed:

And the scam uses a Europol-themed URL:

Also, such scams are not just targeting Macs, as this comment from The Safe Mac explains.

Crimeware kits are always targeting everything all the time. Windows, Macs, every OS.

But most of the time… there isn't a good exploit vector with which to target Macs with malware, so they are redirected to something "spammy" instead. For example, now that the ransom scam has been exposed, this is what the FBI and Europol URLs are currently redirecting to: